Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
matteocostanzo
New Contributor II

is it possible to use fortigate as a reverse proxy

Hi everyone I have a FortiGate 100F with version v7.2.4 build1396.

inside this firewall i have many webservers exposing with their own certificate installed locally on single server.

I wanted to know if with fortigate I can centralize this thing.

installing all certificates on the firewall and exposing all servers with this centralization of certificates.

treat the fortigate as a reverse proxy.

if it can be done. what tools should i use???

6 REPLIES 6
fredery
Staff
Staff
matteocostanzo
New Contributor II

ok it works.

but now I have a second question.

since the virtual server works only with IP address.

if i want to publish many internal webservers with this method.

it seems to me that with this method I will have to make a 1:1 association external ip - internal ip.

i cant work with dns names?? if i have only one external ip to work with how can i do?? Do you think it is possible or not?

fredery
Staff
Staff

Hello Matteo,

 

You have the option of specifying FQDN, exactly aligned with your use case. And empty configuration screenshot to show you the options available in the GUI:

 

2023-04-05 11_34_05-FortiGate - Discovery-kvm07 — Mozilla Firefox.png

matteocostanzo

I failed to use this virtual ip solution.

I used the Load balancer virtual server solution

matteocostanzo

lol
Staff
Staff

Hello,

 

> i cant work with dns names?? if i have only one external ip to work with how can i do??

 

This can be achieved with "set ldb-method http-host" and setting "set http-host your.fqdn"

 

 

In the link you posted its the feature
>> HTTP Host
>> Load balances HTTP host connections across multiple real servers using the host’s HTTP header to guide the connection to the correct real server.


Also refer to this forum post and the replies which is basically asking the same, one external IP and hosting multiple internal servers based on SNI / FQDN.
https://community.fortinet.com/t5/Support-Forum/Fortigate-SSL-Offloading-with-SNI/td-p/252027

 


Regards

Labels
Top Kudoed Authors